We performed a comparison between HCL AppScan and OWASP Zap based on real PeerSpot user reviews.
Find out in this report how the two Static Application Security Testing (SAST) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The most valuable feature of the solution is Postman."
"The solution is easy to use."
"The product has valuable features for static and dynamic testing."
"It comes with all of the templates that we need. For example, we are a company that is regulated by PCI. In order to be PCI compliant, we have a lot of checks and procedures to which we have to comply."
"Technical support is helpful."
"The most valuable feature of HCL AppScan is scanning QR codes."
"It is easy to use. It is quick to find things, because of the code scanning tools. It's quite simple to use and it is very good the way it reports the findings."
"The UI was very intuitive."
"This solution has improved my organization because it has made us feel safer doing frequent deployments for web applications. If we have something really big, we might get some professional company in to help us but if we're releasing small products, we will check it ourselves with Zap. It makes it easier and safer."
"The product helps users to scan and fix vulnerabilities in the pipeline."
"The reporting is quite intuitive, which gives you a clear indication of what kind of vulnerability you have that you can drill down on to gather more information."
"The product discovers more vulnerabilities compared to other tools."
"The application scanning feature is the most valuable feature."
"The solution is scalable."
"The OWASP's tool is free of cost, which gives it a great advantage, especially for smaller companies to make use of the tool."
"The ZAP scan and code crawler are valuable features."
"The solution needs to improve in some areas. The tool needs to add more languages. It also needs to improve its speed."
"I would like to see the roadmap for this product. We are still waiting to see it as we have only so many resources."
"It has crashed at times."
"AppScan is too complicated and should be made more user-friendly."
"There is not a central management for static and dynamic."
"The solution's scalability can be a matter of concern because one license runs on one machine only."
"Improvement can be done as per customer requirements."
"IBM Security AppScan needs to add performance optimization for quickly scanning the target web applications."
"There's very little documentation that comes with OWASP Zap."
"Zap could improve by providing better reports for security and recommendations for the vulnerabilities."
"Lacks resources where users can internally access a learning module from the tool."
"The documentation is lacking and out-of-date, it really needs more love."
"It doesn't run on absolutely every operating system."
"The documentation needs to be improved because I had to learn everything from watching YouTube videos."
"Sometimes, we get some false positives."
"It would be a great improvement if they could include a marketplace to add extra features to the tool."
HCL AppScan is ranked 12th in Static Application Security Testing (SAST) with 41 reviews while OWASP Zap is ranked 7th in Static Application Security Testing (SAST) with 37 reviews. HCL AppScan is rated 7.8, while OWASP Zap is rated 7.6. The top reviewer of HCL AppScan writes "A stable and scalable product useful for application security scanning". On the other hand, the top reviewer of OWASP Zap writes "Great for automating and testing and has tightened our security". HCL AppScan is most compared with SonarQube, Veracode, Acunetix, PortSwigger Burp Suite Professional and Fortify on Demand, whereas OWASP Zap is most compared with SonarQube, Acunetix, Qualys Web Application Scanning, Veracode and Fortify on Demand. See our HCL AppScan vs. OWASP Zap report.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.